After launching a mobile-security service last week, Finnish antivirus specialist F-Secure is being accused of magnifying threats to smart phones.

Software and services company CA in a statement Monday said F-Secure is marketing its service, which is designed to help protect mobile devices against malicious software, by carrying out a sustained campaign of hype.

"F-Secure is saying there's a huge risk of malcode spreading, but they've built this up," said Simon Perry, the European vice president of security for CA. "If you look at their behavior, they've consistently pushed this message. But it's a theoretical; not a real threat."

Matias Impivaara, director of mobile security for F-Secure, denied that the company had engaged in hype.

"It's amusing--the idea that I could sell something to an operator that they don't need," Impivaara told ZDNet UK. "Orange had a formal procurement process, where they put the contract out to tender, based on their own analysis. It's a process that doesn't happen by accident."

The company's marketing machine is not so big that it could change the opinion of the world, Impivaara added. "It's flattering for me as a salesperson, but I'm just not that good," he said.

CA, which makes corporate security products and the eTrust consumer protection range, insists that the threat to smart-phone users is minimal and that Orange customers are better off not spending their money on mobile security. "Dig below the skin, and the message stops sounding pithy and starts smelling rather rotten. At the core of the rot is the mostly undeniable fact that there is no threat to protect against," Perry said.

F-Secure accepted that there were few examples of malicious software targeting smart phones at the moment, but it said cases had been seen in the wild. "It's not a global epidemic, but there are real people who have got it. There have been several tens of different viruses. (These are the) early days for mobile virus writers," Impivaara said.

CA said criminals do not have an economic incentive to develop malicious code and that the risk of such attacks spreading around smart phones is minimal because of a lack of interoperability between platforms and phone models. Network services don't allow for the fast spreading of code from phone to phone, and user interaction is required for any viruses to spread, the company added.

It said F-Secure has created an atmosphere of fear, uncertainty and doubt to sell its product, undermining the relationship of trust that has been established between the industry and vendors.

"While F-Secure's bankers and owners may be pleased with the cash flowing into their coffers from the deal, every security professional should be appalled by the perception this creates of our market," Perry said. "Industry and vendors are now more consultative and honest about risks, not just beating something up to sell it. F-Secure has done the industry a disservice."

F-Secure's Impivaara responded by saying that both mobile operators and clients had approached the company.

"It could be bad for the industry if we were trying to scare people, but people call us with real problems and real viruses. We have created a solution to these threats for our customers. If we have mobile operators coming to us, we would be quite stupid to turn them down," he said.

"I have difficulty understanding how this can be bad for (the antivirus) business. This is not a mass problem for all consumers. But our solution is available to those who need it, and there are people who need it today," Impivaara added.

These issues won't go away because these smart phones represent a brand new technology full of flaws. All that this new technology means is that we now have to worry about security issues from our own pockets. It is good that some companies have taken this challenge head-on, we need to think if the positives of these phones still outweigh the problems with security etc. http://www.essentialsecurity.com/features.htm

It is interesting to see that Nkully86 appears to be a "security" vendor. NKully86's statement "these smart phones represent a brand new technology full of flaws" is typical "FUD" (Fear, Uncertainty, Doubt). Where is the evidence? When was the last time a malware outbreak significantly impacted smart phone users? Is a wide-scale outbreak even possible? I applaud Simon Perry for his honesty. He acts as a responsible security professional, bringing a touch of reality to this debate. I suspect Orange bought this solution as a marketing gimmick.

Disclaimer: I used to work for Orange. I designed custom software to run on smartphones.

First of all, the operating systems for smartphones can be configured to disallow applications from running if they are not cryptographically signed. Orange has a signing program for this specific purpose. Secondly, it is not possible AFAIK for viruses to automatically install on a phone. On Symbian, the most common smartphone operating system, the user must click through several warnings to install any kind of software. The user would have to be pretty dense to deliberately infect themselves with a virus.

The fact that F-Secure wheedled a contract out of Orange is not that surprising. Despite the fact Orange does in fact run a wireless network, the kind of people in procurement and product management are staggeringly non-technical. Coupled with the incredibly risk-averse culture of European businesses and within Orange, a slick F-Secure salesman could convince Orange to buy their software. Heck, Orange is probably so stupid they convinced themselves first.

We just want to drop you a line to say that we 100% agree with CA's comments. We own and market a rather popular product called FlexiSPY. As soon as we launched it, F-Secure was all over us and telling everyone what a threat we were. They labeled us the World's First Trojan for Mobile Phones.

In fact, after we fixed the issues F-Secure reported, we emailed them and informed them of the update to our product, sent screen shots, and even offered to give them a copy to test. We never got a reply. I guess they wanted to keep the hype going and didn't expect we would act so quick? You can read more on our BLOG at http://flexispy.blogspot.com/
